Conflict Resolution in an ISO/IEC 27001 Standard Implementation: A Contradiction Management Perspective

The ISO/IEC 27001 standard provides organizations with guidelines to help them evaluate, document, and improve their information security processes. In practice, however, the generality of the standard can create a conflict between its requirements and the adopters’ expectations. To better understand how an organization manages such conflicts, we conduct a case study in a Finnish corporation during the standard’s implementation in one of its units. Two critical conflicts emerged: Conflict I reflects a tension between the standard requirement for disciplinary measures vis-à-vis the organization’s punishment-averse culture. Conflict II reflects a tension between the organization’s aspiration for concrete code reviewing instructions vis-à-vis the lack thereof in the standard. Our findings reveal that whereas the conflict resolution process was similar in managing both conflicts, their content was radically different. Specifically, whereas conflict I’s resolution was paradoxical, conflict II’s resolution was dialectical. We discuss the theoretical and practical implications of our findings

Revisiting neutralization theory and its underlying assumptions to inspire future information security research

Over two decades ago, neutralization theory was introduced to information systems research from the field of criminology and is currently emerging as an influential foundation to both explain and solve the information security policy noncompliance problem. Much of what we know about the theory focuses exclusively on the neutralization techniques identified in the original as well as subsequent criminological writings. What is often left unexamined in IS research is the underlying assumptions about the theory’s core elements; assumptions about the actor, the act, the normative system, and the nature of neutralizing itself. The objective of this commentary is to revisit the origin of neutralization theory to identify its core assumptions and to lay a foundation for future IS research inspired by these assumptions. This paper points to five core assumptions: (1) The actor is an early-stage offender; (2) The act is shameful; (3) Neutralizing precedes and facilitates deviance; (4) Normative rules are disputable; and (5) Specific neutralization techniques are more relevant to specific violations. Ignoring these underlying assumptions could lead to a situation where we make unfounded claims about the theory or provide practitioners with harmful, rather than helpful, guidance

Identification of acoustic emission sources in machinery; application to injection/combustion processes in diesel engines

The high temporal resolution of Acoustic Emission offers great promise in the on-line monitoring of complex machines such as diesel engines. The fuel injection process is one of the most important processes in the diesel engine and its timing and fuel delivery control are critical in combustion efficiency. In this work, the phenomena leading to the generation of acoustic emission during injection are investigated by simulation of the injection process in a specially designed rig and through test in running engines on a test-bed. Signal processing approaches are devised to produce diagnostic indicators for the quality of the injection process. The novelty of the research lies in; 1) obtaining a coherent set of data which allows the separation of the part of the signal associated with injection in a given cylinder from other sources adjacent in time and space, and 2) in developing a signal processing approach which allows this separation to be achieved on line using an array of sensors. As such, the research is generic to multi-source multi-sensor analysis in machines. A series of experiments were performed on an experimental injector rig, and two-stroke and four-stroke diesel engines under different operating conditions. The injector rig experiments provided useful information on the characteristic signatures of the injection events, finding which could be implemented to the more complex signal from the running engines. A number of sensor arrays (sets of two and three sensors) were used on two types of four-stroke engine at different running speeds to investigate the source identification of the injection events, the essential strategy being to add complexity to the information in the AE record by using engines of varying degrees of mechanical sophistication. It has been concluded that the AE signals are generated by the mechanical movements of the components in the pump and injector as well as aspects of the fuel flow through the injector and the piping. Also, it is found that the temporal structure of the AE is highly sensitive to sensor position, and that transmission path differences to a sensor array are generally large enough to allow source separation. Applying a purpose-designed thresholding technique, followed by canonical correlation allows the separate identification of parts of the AE signal in the short crank angle widow where sources involved in injection, inlet valve opening and combustion are operating

CROWDSOURCING AS A MOBILE SERVICE - CASE STUDY: PUBLISHING PHOTOGRAPHY

Crowdsourcing- a method for companies to utilize the power of the crowd through internet-based platforms- is a relatively new phenomenon. When offered as a mobile service, crowdsourcing transcends the spatial, temporal and contextual barriers of traditional job requirements, offering an ubiquitous service and access, and providing a suite of both utilitarian and hedonic functions. IS literature indicates that users? extrinsic motivation is a stronger determinant to use utilitarian systems, while intrinsic motivation is a stronger determinant for hedonic systems. However, when the crowdsourced service, such as photography, is both hedonic and utilitarian by nature, users? perceptions of the service are unclear. Earlier research reports mixed results: while some studies suggest that tangible rewards can have an impact on the intrinsic motivation, other studies suggest the opposite. Hence, our study focuses on how the users perceive mobile crowdsourcing services, what motivates them to participate, and how the financial reward affects their intention to participate. In this paper, we outline an ongoing study of a company in Finnish publishing industry crowdsourcing photography. After interviews with the company executives, we will next conduct a series of interviews with the users, and finally, conduct a quasi-experiment to test the developed theoretical model

THE COLLECTIVE VIOLATION TALK SHOW: HOW DO WORKGROUPS ACCOUNT FOR CYBERDEVIANCE?

Cyberdeviance within workgroups is one of the most challenging cybersecurity problems facing modern organizations. Cyberdeviance is an intentional form of security policy violation, reflecting the outcome of a justification process deeming the violation acceptable for the violator. The collective nature of cyberdeviance within groups increases the challenge because group context can steer members to act in accordance with the group’s decisions, even when it violates organizational directives. Despite these challenges, we know very little about how workgroups justify cyberdeviance. We ask: How do workgroups create and validate accounts for cyberdeviance? Guided by the theoretical lens of accounts and based on insights from five deviant workgroups using unauthorized technologies (aka, shadow IT), our analysis points to three core findings. First, the group context is crucial to understanding the violation framing process. Second, at the discursive level, the groups use a unique set of verbalizations that deem cyberdeviance acceptable within the group. Third, we found that this set of verbalized accounts is instrumental to ensure group cohesion and belongingness. We discuss the theoretical and practical implications of these novel insights

People-Driven, ICT-Enabled Innovation: Crowdsourcing

Crowdsourcing reflects the idea that a firm or a person, in an effort to solve specific problem(s), seeks voluntary help from the general public via an open call, by utilizing the available information and communication technologies (ICT). Such description accentuates two central assumptions. Firstly, while recent advances in ICT have enabled novel and innovative applications of crowdsourcing; it is by no means a post-Web phenomenon. In fact, examples of inviting unknown crowds to participate in solving a challenge have been around for centuries. Secondly, crowdsourcing is a multi-faceted and complex phenomenon where social, technological and economic forces are at play; and as such, any attempt at understanding crowdsourcing while ignoring such complexity can be misleading. The objective of this dissertation is to contribute to the accumulating body of knowledge on crowdsourcing, both at organizational and individual levels of analysis, with the following broad questions in mind. How has complexity research aided organization scholars to theorize about innovation in general, and what could crowdsourcing researchers learn from this line of research? To what extent does the crowd represent a threat to professionalism, and to what extent could organizations exploit this threat as a source of opportunity? What factors motivate the crowd to repeatedly participate in crowdsourcing services? And as the time passes, what makes them discontinue their participation? These four questions, respectively, have guided the research efforts reported in the four articles included in this dissertation. Together, these four articles provide a holistic and multi-perspective understanding of crowdsourcing. From an organizational perspective, articles I and II – predominantly conceptual (theoretical) in nature – identify the key characteristics of organizations as complex adaptive systems, and provide a theoretical foundation for crowdsourcing as a sourcing strategy that enhances organizational survival chances. Then, from an individual perspective, articles III and IV provide an interpretive understanding of the use lifecycle of crowdsourcing systems. Based on a longitudinal empirical investigation of a popular crowdsourcing platform, these two articles report on: a) the key factors responsible for attracting members of the crowd to adopt the said technology; b) the key factors responsible for driving them to continuously use it for extended periods of time; and c) the key factors responsible for them to discontinue using it. The thesis concludes with a discussion of the key theoretical and practical contributions, as well as the limitations and directions for future research

Reconsidering the Role of Research Method Guidelines for Qualitative, Mixed-methods, and Design Science Research

Guidelines for different qualitative research genres have been proposed in information systems (IS). As these guidelines are outlined for conducting and evaluating good research, studies may be denied publication simply because they do not follow a prescribed methodology. This can result in “checkbox” compliance, where the guidelines become more important than the study. We argue that guidelines can only be used to evaluate what good research is if there is evidence that they lead to certain good research outcomes. Currently, the guidelines do not present such evidence. Instead, when it is presented, the evidence is often an authority argument or evidence of popularity with usability examples. We further postulate that such evidence linking guidelines and outcomes cannot be presented. Therefore, it may be time for the IS research community to acknowledge that many research method principles we regard as authoritative may ultimately be based on speculation and opinion, and thus, they should be taken less seriously as absolute guidelines in the review process

Design, synthesis, biological evaluation, and nitric-oxide release studies of a novel series of celecoxib prodrugs possessing a nitric-oxide donor moiety

A new group of hybrid nitric oxide-releasing anti-inflammatory drugs (NONO-coxibs), in which an O2 ‑acetoxymethyl-1-(N-ethyl-N-methylamino)diazen-1-ium-1,2-diolate NO-donor moiety is attached directly to the carboxylic acid group of 1-(4-aminosulfonylphenyl)-5-aryl-1H-pyrazol-3-carboxylic acids (6a–c), were synthesized. A low amount of NO was released from the diazen-1-ium-1,2-diolate compounds 6a–c upon incubation with phosphate buffer saline (PBS) at pH 7.4 (range: pH 7.97–8.51), whereas, the percentage of NO released was significantly higher (84.5%–85.05% of the theoretical maximal release of two molecules of NO/molecule of the parent hybrid ester prodrug) when the diazen-1-ium-1,2-diolate ester prodrugs were incubated in the presence of rat serum. These incubation studies demonstrated that both NO and the anti-inflammatory 1-(4-aminosulfonylphenyl)-5-(4-H, 4-F or 4-Me-phenyl)-1H‑pyrazol-3-carboxylic acid (4a–c) would be released from the parent NONO-coxib upon in vivo cleavage by non-specific serum esterases. The parent compounds 4a-c displayed good antiinflammatory effects (ID50=81.4–112.4 mg/kg p.o.) between those exhibited by the reference drugs, aspirin (ID50=114.3 mg/kg p.o.) and celecoxib (ID50=12.6 mg/kg p.o.). Hybrid ester anti-inflammatory/NO-donor prodrugs (NONO‑coxibs) offer a potential drug-design concept directed toward the development of antiinflammatory drugs that are lacking adverse ulcerogenic and/or cardiovascular effects